PDA

View Full Version : Request : Crack protected code in software


AmazingTrans
September 20th, 2012, 12:21
Hi everybody,

I have been trying to crack the code for this software for a while. Thought i was close but still could not crack it.
Here is what i found.
This software we can write our programming language in a structure text almost like C. After we are done, we close the file, and you can right click the file and protect it with password protection. You have to define
User:
Password:
repeat password:

In my first test, I was able to find where the username and password is located at.
For Example:
I define
Filename: ST_4
User: CRACKER
Password: 12345ABCDE

^RB –s–‚R— poe_containerDD4? s–‚R— wObjectProperties€0oL< 3€R— 74765C70B3C449E88BBEA6DF5C6203BhhX? 3€R— Sbase_dataS@?6H<, 3€R— ext_name€1 0 K:* 3€R— Attributes @ J>. 3€R— ;% CrossRef;% ;(Ÿ F:* 3€R— “ CallTree“ @ F:* —3€R— cross_refdirBB2? œ €R E— Ssecondary<<,? œ €R E— unit_body_varsFF6 œ €R E— unit_body_types_constsVVF œ €R E— unit_body_relationsPP@ * œ €R E— unit_interface_varsPP@ Ÿ œ €R E— unit_interface_types_consts``P ž œ €R E— unit_interface_relationsZZJ œ €R E— poe_container_header @ ^RB œ ‰ P E— Spoe_containerDD4? “ ‰ 3f”• Extensions>>.? ’ ‰ 3f”• header@ mB6& ‘ ‰ 3f”• -source-€ o€ – 6 ƒ/ ’˫$s S@˜,~- o6& ‰ ac”• secondary<<,? Š ac”• unitused@ mF:* Ž Š ac”• !unitinterf!€0 17 Name_Exports_V4.2 k>. Š ac”• # symb# @ >2" Œ Š ac”• “ header“ @ B6& ‹ Š ac”• externrefs@B6J>. Š ‰ ac”• primary88(? ~ t š ‘ Extensions>>.? } t š ‘ header@@6B6& | t š ‘ source @ B6& { t š ‘ secondary<<,? z u š ‘ unitused::* y u š ‘ unitinterf>>. x u š ‘ symb22" w u š ‘ w headerw @ B6& v u š ‘ externrefs>>. u t š ‘ primary88(? t š ‘ {96A9A425-6844-469E-97BC-A65AE1753363}vvf? ‹R {F09B75CD-B452-496A-8FFC-8CEC4D57EBD5}{132B44C0-7FF7-11D3-8544-0050046A30DE}{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} 65535 65535 ST_5UMCProgram.1.1{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} 2147483647{C7672CE1-18FD-11D3-8B69-00105A2E94FC}0 630250835 272809789830250835 2727941445{CA813A52-E517-3A55-81BD-176B9CB5E60F} 0 0 6c70747872TESTER123 KHP_LEVEL_1V@>iver_4.2ver_4.2BES_CV_CUMCPRVersionver_3.01 # • ? ? # i 7 {DF0D35E0-FAAB-4171-AC94-84A04486C6DB}{132B44C0-7FF7-11D3-8544-0050046A30DE}{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} 65535 65535 ST_4UMCProgram.1.1{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} 2147483647{C7672CE1-18FD-11D3-8B69-00105A2E94FC}0 530250835 234478254030250835 2303004783{CFAD76C1-EE82-305C-EEFD-B5483BD40736} 0 0 6d71808f93CRACKER KHP_LEVEL_1V@=iver_4.2ver_4.2BES_CV_CUMCPRVersionver_3.0- • ? ? # i 7 {BDB57DE8-C9BB-46F9-8B0B-B275568EA4D2}{132B44C0-7FF7-11D3-8544-0050046A30DE}{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} 65535 65535 ST_3UMCProgram.1.1{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} 2147483647{C7672CE1-18FD-11D3-8B69-00105A2E94FC}0 430250834 423672965530250834 4232503777{723E27F2-B329-BBF5-365A-3D78DA9BC488} 0 0 6c70748c86TESTER KHP_LEVEL_1@<iver_4.2ver_4.2BES_CV_CUMCPRVersionver_3.0+ • ? ? # i 7 LVAL" "s + fb_def_help,programt (UNIT),-,-

I define
Filename: ST_5
User: TESTER123
Password: 123456789


^RB –s–‚R— poe_containerDD4? s–‚R— wObjectProperties€0oL< 3€R— 74765C70B3C449E88BBEA6DF5C6203BhhX? 3€R— Sbase_dataS@?6H<, 3€R— ext_name€1 0 K:* 3€R— Attributes @ J>. 3€R— ;% CrossRef;% ;(Ÿ F:* 3€R— “ CallTree“ @ F:* —3€R— cross_refdirBB2? œ €R E— Ssecondary<<,? œ €R E— unit_body_varsFF6 œ €R E— unit_body_types_constsVVF œ €R E— unit_body_relationsPP@ * œ €R E— unit_interface_varsPP@ Ÿ œ €R E— unit_interface_types_consts``P ž œ €R E— unit_interface_relationsZZJ œ €R E— poe_container_header @ ^RB œ ‰ P E— Spoe_containerDD4? “ ‰ 3f”• Extensions>>.? ’ ‰ 3f”• header@ mB6& ‘ ‰ 3f”• -source-€ o€ – 6 ƒ/ ’˫$s S@˜,~- o6& ‰ ac”• secondary<<,? Š ac”• unitused@ mF:* Ž Š ac”• !unitinterf!€0 17 Name_Exports_V4.2 k>. Š ac”• # symb# @ >2" Œ Š ac”• “ header“ @ B6& ‹ Š ac”• externrefs@B6J>. Š ‰ ac”• primary88(? ~ t š ‘ Extensions>>.? } t š ‘ header@@6B6& | t š ‘ source @ B6& { t š ‘ secondary<<,? z u š ‘ unitused::* y u š ‘ unitinterf>>. x u š ‘ symb22" w u š ‘ w headerw @ B6& v u š ‘ externrefs>>. u t š ‘ primary88(? t š ‘ {96A9A425-6844-469E-97BC-A65AE1753363}vvf? ‹R {F09B75CD-B452-496A-8FFC-8CEC4D57EBD5}{132B44C0-7FF7-11D3-8544-0050046A30DE}{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} 65535 65535 ST_5UMCProgram.1.1{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} 2147483647{C7672CE1-18FD-11D3-8B69-00105A2E94FC}0 630250835 272809789830250835 2727941445{CA813A52-E517-3A55-81BD-176B9CB5E60F} 0 0 6c70a747872TESTER123 KHP_LEVEL_1V@>iver_4.2ver_4.2BES_CV_CUMCPRVersionver_3.01 # • ? ? # i 7 {DF0D35E0-FAAB-4171-AC94-84A04486C6DB}{132B44C0-7FF7-11D3-8544-0050046A30DE}{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} 65535 65535 ST_4UMCProgram.1.1{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} 2147483647{C7672CE1-18FD-11D3-8B69-00105A2E94FC}0 530250835 234478254030250835 2303004783{CFAD76C1-EE82-305C-EEFD-B5483BD40736} 0 0 6d71808f93CRACKER KHP_LEVEL_1V@=iver_4.2ver_4.2BES_CV_CUMCPRVersionver_3.0- • ? ? # i 7 {BDB57DE8-C9BB-46F9-8B0B-B275568EA4D2}{132B44C0-7FF7-11D3-8544-0050046A30DE}{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} 65535 65535 ST_3UMCProgram.1.1{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} 2147483647{C7672CE1-18FD-11D3-8B69-00105A2E94FC}0 430250834 423672965530250834 4232503777{723E27F2-B329-BBF5-365A-3D78DA9BC488} 0 0 6c70748c86TESTER KHP_LEVEL_1@<iver_4.2ver_4.2BES_CV_CUMCPRVersionver_3.0+ • ? ? # i 7 LVAL" "s + fb_def_help,programt (UNIT),-,-


Filename: ST_6
User: ABCD11
Pass: {This is the one i wanted to crack}
mB6& ۝S— -source-€A‰}<1?‚ |6 ’•G.Yr&$ci~8c…‰2o6& jx›S— _Tsecondary<<,? jx›S— unitused::* jx›S— unitinterf>>. jx›S— symb22" jx›S— w headerw @ B6& jx›S— externrefs>>. jx›S— _Tprimary88(? jx›S— _T{F09B75CD-B452-496A-8FFC-8CEC4D57EBD5}vvf? ‹S— wObjectProperties€0oL< ‹S— 5D49B0FC8D184735A3263FDFFA6FA33hhX? ‹S— Sbase_dataS@ mH<, ‹S— ext_name€0 H:* ‹S— Extensions>>.? ‹S— header@C6B6& ‹S— -source-€=•ޏ “Ug\— $ ’„ ^h@% @" `8o6& ‹S— secondary<<,? ‹S— unitused::* Ž ž‹{4ED9F25A-657C-4FD6-8197-76B2360539A4}{132B44C0-7FF7-11D3-8544-0050046A30DE}{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} 65535 65535 ST_6UMCProgram.1.1{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} 2147483647{C7672CE1-18FD-11D3-8B69-00105A2E94FC}0 730250837 112849564830250837 1128339281{61070682-7B12-FA76-04CD-4DFFE3D20F62} 0 0 73777b7f8a95999dABCD11 KHP_LEVEL_1V@?iver_4.2ver_4.2BES_CV_CUMCPRVersionver_3.07 ) • ? ? # i 7 – $@€ @€ @€ @€ @€+ 68FS@@HF8OB<>FLDJ>D8H>OFMB86D@QJ+

I hope somebody can see some algorithm pattern and figure out the password... The other way i tried was using ollydbg and slowly poking and settign breakpoints. Was also able to trace to the dialogbox and move on but got stuck at 50% progress i would say. Hope to hear from someone

hfm
September 20th, 2012, 15:20
2 user names and passwords isn't really enough information to work out the algorithm to decode the password.

That said I have noticed a couple of things.

1) The passwords for multiple users are saved in both ST_4 and ST_5. The information for "CRACKER" is the same in both files. And there is another user TESTER 6c70748c86TESTER.

2) If what you've posted is actually the whole files, files ST_4 and ST_5 only differ by one character:
6c70747872TESTER123 in ST_4
6c70a747872TESTER123 in ST_5

which if the characters before the username are related to the password it has been changed between saving each file and may be helpful if the password for TESTER123 for ST_4 is known?

3) As nothing else has changed between file ST_4 and ST_5 may be worth trying to replace 0 0 73777b7f8a95999dABCD11 in ST_6 with either the 0 0 6d71808f93CRACKER or 0 0 6c70a747872TESTER123 and seeing if you can open the new file with the matching usernames and passwords for each.

All said are you trying to just open the password protected file or are you more interested in reversing the password algorithm?

AmazingTrans
September 21st, 2012, 08:51
hfm,

They are all in the same one project. I have just created different file called ST_5, ST_6,ST_7. All this files information is located in this project. Yes there is also user TESTER in there and i could not delete it because i forgot the password.
I have tried replacing the password itself but it leads to the file unable to open at all.

I am trying to open protected file in the project.and also interested in reversing the project.
PM me if you would and i'll let you know where to download the sample project.